ethpandaops · Savid · Feb 14, 2024 · Feb 15, 2024 · Feb 15, 2024 · Feb 16, 2024
diff --git a/roles/k3s/defaults/main.yaml b/roles/k3s/defaults/main.yaml
@@ -35,3 +35,37 @@ k3s_etcd_snapshot_region: us-east-1
 k3s_etcd_snapshot_folder: snapshots
 k3s_etcd_snapshot_insecure: false
 k3s_etcd_snapshot_timeout: 5m0s
+
+# Enable this if you want to install calico
+# https://docs.tigera.io/calico/latest/getting-started/kubernetes/k3s/multi-node-install#install-calico
+# NOTE: enabling this will add the following args to the k3s server node:
+#   --flannel-backend=none
+#   --disable-network-policy
+# NOTE: If you run rancher webhook you may run into this issue:
+# https://ranchermanager.docs.rancher.com/reference-guides/rancher-webhook#eks-cluster-with-calico-cni
+k3s_calico: false
+k3s_calico_version: "v3.29.1"
+# Change this if you want to use a different version of calico custom resources.
+# The default calico custom resources will be used when this is omitted.
+# https://docs.tigera.io/calico/latest/getting-started/kubernetes/k3s/multi-node-install#install-calico
+# k3s_calico_custom_resources: |
+#   apiVersion: operator.tigera.io/v1
+#   kind: Installation
+#   metadata:
+#     name: default
+#   spec:
+#     # Configures Calico networking.
+#     calicoNetwork:
+#       # Note: The ipPools section cannot be modified post-install.
+#       ipPools:
+#       - blockSize: 26
+#         cidr: 192.168.0.0/16
+#         encapsulation: IPIP
+#         natOutgoing: Enabled
+#         nodeSelector: all()
+#   ---
+#   apiVersion: operator.tigera.io/v1
+#   kind: APIServer
+#   metadata:
+#     name: default
+#   spec: {}
diff --git a/roles/k3s/tasks/server.yaml b/roles/k3s/tasks/server.yaml
@@ -93,3 +93,69 @@
     src: /usr/local/bin/k3s
     dest: /usr/local/bin/crictl
     state: link
+
+- name: Install Calico for k3s
+  when: k3s_calico
+  block:
+    - name: Check if custom Calico resources are defined
+      ansible.builtin.set_fact:
+        custom_resources_defined: "{{ k3s_calico_custom_resources is defined and k3s_calico_custom_resources | trim | length > 0 }}"
+
+    - name: Create calico directory
+      ansible.builtin.file:
+        path: "{{ k3s_server_location }}/server/calico"
+        state: directory
+        owner: root
+        group: root
+        mode: "0755"
+
+    - name: Download tigera-operator.yaml
+      ansible.builtin.get_url:
+        url: "https://raw.githubusercontent.com/projectcalico/calico/{{ k3s_calico_version }}/manifests/tigera-operator.yaml"
+        dest: "{{ k3s_server_location }}/server/calico/tigera-operator.{{ k3s_calico_version }}.yaml"
+        owner: root
+        group: root
+        mode: "0644"
+      register: download_tigera_operator
+
+    - name: Remove existing custom resources
+      ansible.builtin.command:
+        cmd: k3s kubectl delete -f {{ k3s_server_location }}/server/calico/custom-resources.yaml
+      ignore_errors: true
+
+    - name: Apply tigera-operator.yaml with --force-conflicts
+      ansible.builtin.command:
+        cmd: >
+          k3s kubectl apply --server-side --force-conflicts -f
+          {{ k3s_server_location }}/server/calico/tigera-operator.{{ k3s_calico_version }}.yaml
+      when: download_tigera_operator.changed
+      register: apply_tigera_operator
+      retries: 5
+      delay: 10
+      until: apply_tigera_operator is succeeded
+
+    - name: Write custom resources to file
+      ansible.builtin.copy:
+        dest: "{{ k3s_server_location }}/server/calico/custom-resources.yaml"
+        content: "{{ k3s_calico_custom_resources }}"
+        mode: "0644"
+      when: custom_resources_defined
+
+    - name: Download default custom-resources.yaml
+      ansible.builtin.get_url:
+        url: "https://raw.githubusercontent.com/projectcalico/calico/{{ k3s_calico_version }}/manifests/custom-resources.yaml"
+        dest: "{{ k3s_server_location }}/server/calico/custom-resources.yaml"
+        owner: root
+        group: root
+        mode: "0644"
+      when: not custom_resources_defined
+
+    - name: Apply custom-resources.yaml
+      ansible.builtin.command:
+        cmd: >
+          k3s kubectl apply --server-side -f
+          {{ k3s_server_location }}/server/calico/custom-resources.yaml
+      register: apply_custom_resources
+      retries: 5
+      delay: 10
+      until: apply_custom_resources is succeeded
diff --git a/roles/k3s/templates/k3s-server.service.j2 b/roles/k3s/templates/k3s-server.service.j2
@@ -7,7 +7,7 @@ After=network-online.target
 Type=notify
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s server --data-dir {{ k3s_server_location }} {{ k3s_server_extra_args | default("") }}
+ExecStart=/usr/local/bin/k3s server --data-dir {{ k3s_server_location }} {{ k3s_server_extra_args | default("") }}{% if k3s_calico %} --flannel-backend=none --disable-network-policy{% endif %}{{ "" }}
 
 KillMode=process
 Delegate=yes